FBI Director Kash Patel's Email Hacked as Iran-Linked Hackers Vow Continued Cyberattacks Despite Ceasefire

A shaky two-week ceasefire between Iran and the U.S.-Israel alliance isn't stopping Iranian-backed hackers from targeting American infrastructure and government officials -- including FBI Director Kash Patel himself.

The hacking group Handala, which operates as a pro-Palestinian, pro-Iranian network independent of Tehran's direct control, claimed it breached Patel's personal email account and leaked old photos of the FBI director. The hack came as retaliation after the FBI seized four web addresses the group used to spread its propaganda.

"We did not begin this war, but we will be the ones to finish it," Handala wrote on its X account. "And let it be clear: The cyber war did not begin with the military conflict, and it will not end with any military ceasefire."

The breach of Patel's email is just one example of how digital warfare has become inseparable from military conflict -- and how a ceasefire on the battlefield doesn't translate to peace in cyberspace.

Critical Infrastructure Already Compromised

On Tuesday, U.S. authorities issued a joint warning that Iranian-backed hackers have already infiltrated programmable logic controllers -- internet-connected computers that automate and control critical industrial systems. These devices run operations at ports, power plants, and water treatment facilities across the country.

The advisory from the FBI, National Security Agency, and Cybersecurity and Infrastructure Security Agency urged organizations using this technology to immediately update their security protocols. CISA did not respond to questions about whether the ceasefire would reduce the cyber threat.

Cybersecurity experts say it won't.

Markus Mueller, a cybersecurity executive at Nozomi Networks, predicts cyberattacks on American targets will actually increase during the ceasefire, not decrease. With regional hostilities paused, hackers can shift focus from immediate battlefield targets to broader infiltration campaigns against U.S. organizations that supported the war effort -- including data centers, tech companies, and defense contractors.

"With a ceasefire, we will likely see an expansion of cyber activity both in scale and scope," Mueller said. "These groups will likely try to execute a high-profile attack such as what we saw with Stryker."

Medical Supplier Disrupted, FBI Director Targeted

Handala has already demonstrated its reach. Last month, the group claimed responsibility for hacking Stryker, a major Michigan-based medical equipment manufacturer. The hackers said the attack was retaliation for strikes that killed Iranian schoolchildren.

When the FBI responded by seizing Handala's web domains, the group escalated by targeting Patel personally -- a move that underscores how proxy hacking networks view U.S. law enforcement leadership as fair game.

Other Iranian-linked groups have installed malware on Israeli phones, penetrated surveillance cameras across the Middle East to improve Iran's missile targeting capabilities, and targeted data centers throughout the region.

So far, these attacks have been high in volume but relatively low in immediate impact -- designed more to boost morale among Iran's supporters and remind adversaries of their vulnerabilities than to cause catastrophic damage. But that calculus could change.

Mueller warned that Russian or Iranian groups may use the ceasefire period to launch a spectacular cyberattack on a high-profile U.S. target, specifically designed to capture American public attention and demonstrate that the digital war continues regardless of any temporary truce.

A Ceasefire Already Fraying

The two-week ceasefire itself appears fragile, with both sides claiming victory and significant disagreements already emerging over its terms. Handala announced it would temporarily pause attacks on the U.S. while continuing to target Israel -- but promised to resume American operations "when the time is right."

That timeline may be shorter than anyone hopes. With critical infrastructure already compromised and hackers explicitly vowing to continue their campaigns, the cyber dimension of this conflict shows no signs of winding down.

For American organizations operating ports, utilities, hospitals, and defense systems, the message is clear: the ceasefire changes nothing about their threat level. If anything, they should expect the attacks to intensify.